Veiko Kukk wrote:
Hi!
I need to delay failed ssh password authentication as an additional
measure against brute force ssh attacks. I understand, that shoud be
accomplished through pam, but googling gave me no example. I have
CentOS 5.2.
I think I'd set MaxAuthTries to 2 in /etc/ssh/sshd_config (give your
legit users one chance when they mistype the password), then use the
iptables stuff to rate limit ssh connections from a given source IP,
after a few connection attempts in < 1 minute, blacklist that IP for a
half hour or something.
you don't want to set it TOO sensitive or you'll find yourself unable to
open several shell windows to the same host (something I do frequently
so I can have one for an edit session or running an installer or
sommething, and another for man or for doing root stuff, or whatever.
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
